type: object
default: {}
additionalProperties: false
properties:
  storageClass:
    type: string
    default: null
    description: |
      The storage class to use with all Deckhouse components (Prometheus, Grafana, OpenVPN, etc.).
        * If not defined, components use `global.discovery.defaultStorageClass` (which is determined automatically) or `emptyDir` (if `global.discovery.defaultStorageClass` isn't defined).
        * Use this parameter only in exceptional circumstances.
        * This parameter is applied during module activation.
  highAvailability:
    type: boolean
    description: |
      A global switch to enable the *high availability* mode for modules that support it.

      If not defined, the value is determined automatically as `true` for clusters with more than one master node. Otherwise, it is determined as`false`.
    x-examples: [ true, false ]
  modules:
    description: |
      Common parameters of Deckhouse modules.
    additionalProperties: false
    default: {}
    type: object
    properties:
      ingressClass:
        type: string
        default: nginx
        description: |
          The class of the Ingress controller ([Ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)) used for Deckhouse modules.
        x-examples: [ "nginx" ]
        pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
      publicDomainTemplate:
        type: string
        pattern: '^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
        description: |
          The template with the `%s` key as the dynamic string parameter.

          Deckhouse modules use this template for creating Ingress resources.

          E.g., if the template is `%s.kube.company.my`, the prometheus module will create an Ingress resource for the `grafana.kube.company.my` hosts to  access Grafana.

          **Do not use** DNS names (nor do create Ingress resources) that match this template to avoid conflicts with the Ingress resources created by Deckhouse.

          **Pay attention to the following:**
          - Domain must be different from [clusterDomain](https://deckhouse.io/documentation/v1/installing/configuration.html#clusterconfiguration-clusterdomain)!**
          - Domain used in the template must not match the domain specified in the [clusterDomain](https://deckhouse.io/documentation/v1/installing/configuration.html#clusterconfiguration-clusterdomain) parameter. For example, if `clusterDomain` is set to `cluster.local` (the default value), `publicDomainTemplate` cannot be set to `%s.cluster.local`.

          If this parameter is omitted, no Ingress resources will be created.
        x-doc-examples: [ "%s.kube.company.my", "kube-%s.company.my" ]
        x-examples: [ "%s.kube.company.my" ]
      placement:
        description: |
          Parameters regulating the layout of Deckhouse module components.
        type: object
        additionalProperties: false
        default: {}
        properties:
          customTolerationKeys:
            description: |
              A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.
            x-doc-example: |
              ```yaml
              customTolerationKeys:
              - dedicated.example.com
              - node-dedicated.example.com/master
              ```
            type: array
            items:
              type: string
            x-examples:
            - [ "dedicated.example.com" ]
      https:
        description: |
          The HTTPS implementation used by the Deckhouse modules.
        type: object
        additionalProperties: false
        x-examples:
        - certManager:
            clusterIssuerName: letsencrypt
          mode: CertManager
        - mode: Disabled
        - mode: OnlyInURI
        - mode: CustomCertificate
          customCertificate:
            secretName: plainstring
        properties:
          mode:
            type: string
            description: |
              The HTTPS usage mode:
              * `CertManager` — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the `certManager.clusterIssuerName` parameter;
              * `CustomCertificate` — Deckhouse modules use HTTPS using the certificate from the `d8-system` namespace;
              * `Disabled` — Deckhouse modules use HTTP only (some modules may not work, e.g., [user-authn](https://deckhouse.io/documentation/v1/modules/150-user-authn/));
              * `OnlyInURI` — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. Load balancer should provide a redirect from HTTP to HTTPS.
            default: CertManager
            enum:
            - Disabled
            - CertManager
            - CustomCertificate
            - OnlyInURI
          certManager:
            type: object
            additionalProperties: false
            default: {}
            properties:
              clusterIssuerName:
                type: string
                default: 'letsencrypt'
                x-doc-default: 'letsencrypt'
                description: |
                  Name of a `ClusterIssuer` to use for Deckhouse modules.

                  The [cert-manager](https://deckhouse.io/documentation/v1/modules/101-cert-manager/) module offers the following `ClusterIssuer`: `letsencrypt`, `letsencrypt-staging`, `selfsigned`, `clouddns`, `cloudflare`, `digitalocean`, `route53`. Also, you can use your own `ClusterIssuer`.
          customCertificate:
            type: object
            additionalProperties: false
            properties:
              secretName:
                type: string
                description: |
                  The name of the secret in the `d8-system` namespace to use with Deckhouse modules.

                  This secret must have the [kubernetes.io/tls](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#tls-secrets) format.
                default: "false"
      resourcesRequests:
        description: |
          The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, `cni-flannel`, `monitoring-ping`).

          [More](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes) about resource units in Kubernetes.
        type: object
        default: {}
        additionalProperties: false
        properties:
          controlPlane:
            type: object
            default: {}
            additionalProperties: false
            description: |
              The amount of resources (CPU and memory) allocated to control-plane components on each master node. Do not work in clouds with not-managed control-plane (GKE for example).
            x-examples:
              - cpu: 1000m
                memory: 500M
            properties:
              cpu:
                description: |
                  The combined CPU requests for control-plane components on each master node.
                oneOf:
                  - type: string
                    pattern: "^[0-9]+m?$"
                  - type: number
              memory:
                description: |
                  The combined memory requests for control-plane components on each master node.
                type: string
                pattern: '^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$'
          everyNode:
            type: object
            default: {}
            additionalProperties: false
            description: |
              The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster.
            x-examples:
            - cpu: 100m
              memory: 150M
            x-doc-deprecated: true
            properties:
              cpu:
                description: |
                  The combined CPU requests for all the Deckhouse components on each node.
                default: "300m"
                oneOf:
                  - type: string
                    pattern: "^[0-9]+m?$"
                  - type: number
              memory:
                description: |
                  The combined memory requests for all the Deckhouse components on each node.
                type: string
                default: "512Mi"
                pattern: '^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$'
          masterNode:
            type: object
            additionalProperties: false
            description: |
              The amount of resources (CPU and memory) allocated to Deckhouse components running on the master nodes (including control plane components, if they are managed by Deckhouse).

              > **Caution!** Deckhouse may not manage control plane components in KaaS clusters (Kubernetes as a Service, managed Kubernetes service, etc.). In such cases, all the specified resources are allocated to the Deckhouse components except the control plane.
            x-examples:
            - cpu: "1"
              memory: 150Mi
            x-doc-deprecated: true
            properties:
              cpu:
                description: |
                  The combined CPU requests for Deckhouse components on master nodes **in addition** to `everyNode.cpu`.
                    * For a Deckhouse-controlled cluster, the default value is calculated automatically: `.status.allocatable.cpu` of the smallest master node (no more than `4` (CPU cores)) minus `everyNode.cpu`.
                    * For a managed cluster, the default value is `1` (CPU core) minus `everyNode.cpu`.
                oneOf:
                  - type: string
                    pattern: "^[0-9]+m?$"
                  - type: number
              memory:
                description: |
                  The total amount of memory allocated to Deckhouse components on master nodes **in addition** to `everyNode.memory`.
                    * For a Deckhouse-managed cluster, the default value is calculated automatically: `.status.allocatable.memory` of the smallest master node (no more than `8Gi`) minus `everyNode.memory`.
                    * For a managed cluster, the default value is `1Gi` minus `everyNode.memory`.
                type: string
                pattern: '^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$'
# TODO remove after 1.42 release
      proxy:
        deprecated: true
        additionalProperties: false
        description: |
          Global proxy setup for modules.
        type: object
        properties:
          httpProxy:
            deprecated: true
            type: string
            pattern: '^(http|https)://[0-9a-zA-Z\.\-:]+$'
            description: |
              Proxy URL for HTTP requests.
          httpsProxy:
            deprecated: true
            type: string
            pattern: '^(http|https)://[0-9a-zA-Z\.\-:]+$'
            description: |
              Proxy URL for HTTPS requests.
          noProxy:
            deprecated: true
            description: |
              List of no proxy IP and domain entries. Use a domain name with a dot prefix for wildcard domains (e.g., `.example.com`).
            type: array
            items:
              type: string
              pattern: '^[a-z0-9\-\./]+$'
        x-examples:
        - httpProxy: http://1.2.3.4:80
          httpsProxy: https://1.2.3.4:443
          noProxy: ["127.0.0.1", "192.168.0.0/24", "example.com", ".example.com"]
